In this chapter, we pushed past the standard configuration capability of the Spring Security framework and implemented several advanced customizations. We covered the following:
- Implementing custom servlet filters to handle configurable IP- and role-based filtering, and HTTP request header-based SSO requests
- Adding a custom AuthenticationProvider and supporting implementation classes for HTTP request header-based SSO
- Examining the configuration and benefits of session fixation protection and concurrent session handling, including a couple of tangential benefits, which allow for user session reporting
- Configuring custom access denied handling and examining when and why AccessDeniedException is thrown, and how it is appropriate to respond to ...